Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-0083

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Feb, 2004 | 05:00
Updated At-08 Aug, 2024 | 00:01
Rejected At-
Credits

Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Feb, 2004 | 05:00
Updated At:08 Aug, 2024 | 00:01
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.novell.com/linux/security/advisories/2004_06_xf86.html
vendor-advisory
x_refsource_SUSE
http://www.redhat.com/support/errata/RHSA-2004-060.html
vendor-advisory
x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/15130
vdb-entry
x_refsource_XF
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
vendor-advisory
x_refsource_SUNALERT
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
vendor-advisory
x_refsource_CONECTIVA
http://www.idefense.com/application/poi/display?id=72
x_refsource_MISC
http://www.securityfocus.com/bid/9636
vdb-entry
x_refsource_BID
http://security.gentoo.org/glsa/glsa-200402-02.xml
vendor-advisory
x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=107644835523678&w=2
mailing-list
x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=110979666528890&w=2
vendor-advisory
x_refsource_FEDORA
http://www.debian.org/security/2004/dsa-443
vendor-advisory
x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806
vdb-entry
signature
x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
vendor-advisory
x_refsource_MANDRAKE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830
vdb-entry
signature
x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2004-059.html
vendor-advisory
x_refsource_REDHAT
http://www.xfree86.org/cvs/changes
x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/820006
third-party-advisory
x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=107653324115914&w=2
mailing-list
x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612
vdb-entry
signature
x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2004-061.html
vendor-advisory
x_refsource_REDHAT
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www.novell.com/linux/security/advisories/2004_06_xf86.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-060.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15130
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://www.idefense.com/application/poi/display?id=72
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/9636
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://security.gentoo.org/glsa/glsa-200402-02.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://marc.info/?l=bugtraq&m=107644835523678&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://marc.info/?l=bugtraq&m=110979666528890&w=2
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.debian.org/security/2004/dsa-443
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-059.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.xfree86.org/cvs/changes
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.kb.cert.org/vuls/id/820006
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://marc.info/?l=bugtraq&m=107653324115914&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-061.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Resource:
vendor-advisory
x_refsource_SLACKWARE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.novell.com/linux/security/advisories/2004_06_xf86.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-060.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/15130
vdb-entry
x_refsource_XF
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://www.idefense.com/application/poi/display?id=72
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/9636
vdb-entry
x_refsource_BID
x_transferred
http://security.gentoo.org/glsa/glsa-200402-02.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://marc.info/?l=bugtraq&m=107644835523678&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://marc.info/?l=bugtraq&m=110979666528890&w=2
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.debian.org/security/2004/dsa-443
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
vendor-advisory
x_refsource_MANDRAKE
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-059.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.xfree86.org/cvs/changes
x_refsource_CONFIRM
x_transferred
http://www.kb.cert.org/vuls/id/820006
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://marc.info/?l=bugtraq&m=107653324115914&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-061.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2004_06_xf86.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-060.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15130
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://www.idefense.com/application/poi/display?id=72
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/9636
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200402-02.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=107644835523678&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=110979666528890&w=2
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-443
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-059.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.xfree86.org/cvs/changes
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/820006
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=107653324115914&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-061.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Mar, 2004 | 05:00
Updated At:03 Apr, 2025 | 01:03

Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
xfree86_project
xfree86_project
>>x11r6>>4.1.0
cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.11
cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.12
cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.0
cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.1
cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.1
cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.3.0
cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openbsd>>3.3
cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*
OpenBSD
openbsd
>>openbsd>>3.4
cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=107644835523678&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=107653324115914&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=110979666528890&w=2cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-200402-02.xmlcve@mitre.org
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1cve@mitre.org
N/A
http://www.debian.org/security/2004/dsa-443cve@mitre.org
N/A
http://www.idefense.com/application/poi/display?id=72cve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/820006cve@mitre.org
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2004:012cve@mitre.org
N/A
http://www.novell.com/linux/security/advisories/2004_06_xf86.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-059.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-060.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-061.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/9636cve@mitre.org
Exploit
Patch
Vendor Advisory
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053cve@mitre.org
N/A
http://www.xfree86.org/cvs/changescve@mitre.org
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15130cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612cve@mitre.org
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=107644835523678&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=107653324115914&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=110979666528890&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-200402-02.xmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2004/dsa-443af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.idefense.com/application/poi/display?id=72af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/820006af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2004:012af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.novell.com/linux/security/advisories/2004_06_xf86.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-059.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-060.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-061.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/9636af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
Vendor Advisory
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.xfree86.org/cvs/changesaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15130af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=107644835523678&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=107653324115914&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=110979666528890&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200402-02.xml
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-443
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.idefense.com/application/poi/display?id=72
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/820006
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2004_06_xf86.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-059.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-060.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-061.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/9636
Source: cve@mitre.org
Resource:
Exploit
Patch
Vendor Advisory
Hyperlink: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.xfree86.org/cvs/changes
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15130
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=107644835523678&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=107653324115914&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=110979666528890&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200402-02.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-443
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.idefense.com/application/poi/display?id=72
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/820006
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2004_06_xf86.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-059.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-060.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-061.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/9636
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Vendor Advisory
Hyperlink: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.xfree86.org/cvs/changes
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15130
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

30Records found
CVE-2002-0639
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-30.29% / 96.52%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2002-0083
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.08% / 88.08%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

Action-Not Available
Vendor-trustixconectivaimmunixopenpkgengardelinuxn/aSUSEOpenBSDRed Hat, Inc.Mandriva (Mandrakesoft)
Product-opensshmandrake_linux_corporate_serveropenpkgimmunixsuse_linuxmandrake_single_network_firewalllinuxsecure_linuxmandrake_linuxn/a
CWE ID-CWE-193
Off-by-one Error
CVE-2002-0640
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-61.12% / 98.24%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CVE-2001-0284
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.37% / 79.42%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CVE-2001-0144
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-63.98% / 98.35%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.

Action-Not Available
Vendor-sshn/aOpenBSD
Product-sshopensshn/a
CVE-2001-0247
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-35.17% / 96.91%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.

Action-Not Available
Vendor-n/aNetBSDMIT (Massachusetts Institute of Technology)Silicon Graphics, Inc.OpenBSDFreeBSD Foundation
Product-netbsdopenbsdirixfreebsdkerberos_5n/a
CVE-1999-0241
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.13% / 89.46%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.

Action-Not Available
Vendor-xfree86_projectn/aSilicon Graphics, Inc.Sun Microsystems (Oracle Corporation)
Product-solarissunosx11r6irixn/a
CVE-1999-0323
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.48% / 64.17%
||
7 Day CHG~0.00%
Published-02 Jun, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeBSD mmap function allows users to modify append-only or immutable files.

Action-Not Available
Vendor-bsdin/aOpenBSDNetBSDFreeBSD Foundation
Product-bsd_osnetbsdopenbsdfreebsdn/a
CVE-1999-0798
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.51% / 65.44%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

Action-Not Available
Vendor-bsdiscon/aOpenBSDRed Hat, Inc.FreeBSD Foundation
Product-bsd_osinternet_faststartopenbsdopenserverunixwarefreebsdlinuxn/a
CVE-2007-1365
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-38.72% / 97.15%
||
7 Day CHG~0.00%
Published-10 Mar, 2007 | 21:00
Updated-07 Aug, 2024 | 12:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CVE-2006-6102
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-2.46% / 84.63%
||
7 Day CHG~0.00%
Published-09 Jan, 2007 | 23:00
Updated-07 Aug, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.

Action-Not Available
Vendor-xfree86_projectn/aX.Org Foundation
Product-x.orgxfree86_x_servern/a
CVE-2006-4304
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.86% / 90.98%
||
7 Day CHG-0.17%
Published-24 Aug, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.

Action-Not Available
Vendor-n/aOpenBSDNetBSDFreeBSD Foundation
Product-netbsdopenbsdfreebsdn/a
CVE-2004-0914
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.79% / 72.93%
||
7 Day CHG~0.00%
Published-15 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Action-Not Available
Vendor-lesstifxfree86_projectn/aX.Org FoundationGentoo Foundation, Inc.SUSERed Hat, Inc.
Product-suse_linuxx11r6lesstiffedora_corelinuxn/a
CVE-2004-0416
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-43.03% / 97.40%
||
7 Day CHG~0.00%
Published-11 Jun, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

Action-Not Available
Vendor-openpkgcvsn/aOpenBSDGentoo Foundation, Inc.Silicon Graphics, Inc.
Product-propackopenbsdcvsopenpkglinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2004-0414
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.25% / 89.60%
||
7 Day CHG~0.00%
Published-11 Jun, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

Action-Not Available
Vendor-openpkgcvsn/aOpenBSDGentoo Foundation, Inc.Silicon Graphics, Inc.
Product-propackopenbsdcvsopenpkglinuxn/a
CVE-2004-0418
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.28% / 94.14%
||
7 Day CHG~0.00%
Published-11 Jun, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

Action-Not Available
Vendor-openpkgcvsn/aOpenBSDGentoo Foundation, Inc.Silicon Graphics, Inc.
Product-propackopenbsdcvsopenpkglinuxn/a
CVE-2004-0492
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-19.74% / 95.22%
||
7 Day CHG~0.00%
Published-23 Jun, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

Action-Not Available
Vendor-n/aThe Apache Software FoundationSilicon Graphics, Inc.IBM CorporationOpenBSDHP Inc.
Product-propackopenbsdhttp_servervvoswebproxyvirtualvaultn/a
CVE-2004-0220
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.87% / 85.74%
||
7 Day CHG~0.00%
Published-25 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Action-Not Available
Vendor-n/aOpenBSD
Product-openbsdn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2004-0084
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.63% / 94.21%
||
7 Day CHG~0.00%
Published-14 Feb, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.

Action-Not Available
Vendor-xfree86_projectn/aOpenBSD
Product-x11r6openbsdn/a
CVE-2003-0786
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.17% / 88.23%
||
7 Day CHG+1.83%
Published-25 Sep, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CVE-2003-0466
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-90.83% / 99.61%
||
7 Day CHG~0.00%
Published-01 Aug, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

Action-Not Available
Vendor-wuftpdn/aNetBSDOpenBSDRed Hat, Inc.FreeBSD FoundationApple Inc.Sun Microsystems (Oracle Corporation)
Product-netbsdopenbsdwu_ftpdsolarismac_os_x_serverfreebsdmac_os_xwu-ftpdn/a
CWE ID-CWE-193
Off-by-one Error
CVE-2003-0693
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-32.68% / 96.71%
||
7 Day CHG~0.00%
Published-17 Sep, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CVE-2002-1510
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.81% / 73.27%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.

Action-Not Available
Vendor-xfree86_projectn/a
Product-x11r6n/a
CVE-2002-0391
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.57% / 88.77%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

Action-Not Available
Vendor-n/aOpenBSDFreeBSD FoundationMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-windows_ntopenbsdsolariswindows_xpsunosfreebsdwindows_2000n/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2001-0554
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-27.44% / 96.23%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Action-Not Available
Vendor-netkitn/aNetBSDMIT (Massachusetts Institute of Technology)IBM CorporationSilicon Graphics, Inc.Debian GNU/LinuxOpenBSDFreeBSD FoundationSun Microsystems (Oracle Corporation)
Product-netbsdopenbsdaixsolarisirixsunosdebian_linuxfreebsdkerberoslinux_netkitkerberos_5n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2001-0053
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-15.60% / 94.43%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.

Action-Not Available
Vendor-david_madoren/aOpenBSDNetBSD
Product-netbsdopenbsdftpd-bsdn/a
CVE-2000-1010
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.32% / 84.17%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.

Action-Not Available
Vendor-n/aOpenBSDRed Hat, Inc.
Product-linuxopenbsdn/a
CVE-2000-0999
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.55% / 66.94%
||
7 Day CHG~0.00%
Published-29 Nov, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CVE-2000-0525
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.90% / 74.70%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

Action-Not Available
Vendor-n/aOpenBSD
Product-opensshn/a
CVE-2020-7247
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.04% / 99.89%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 15:53
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxCanonical Ltd.OpenBSD
Product-opensmtpdfedoraubuntu_linuxdebian_linuxn/aOpenSMTPD
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Details not found